Valid Editorial from 08.11.2007
FEDERAL LAW of January 10, 2002 N 1-FZ (as amended on November 8, 2007) “ON ELECTRONIC DIGITAL SIGNATURES”
For the purposes of this Federal Law, the following basic concepts are used:
electronic document - a document in which information is presented in electronic digital form;
electronic digital signature - a requisite of an electronic document intended to protect this electronic document from forgery, obtained as a result of cryptographic transformation of information using the private key of the electronic digital signature and allowing to identify the owner of the signature key certificate, as well as to establish the absence of distortion of information in the electronic document;
owner of a signature key certificate - an individual in whose name the certification center issued a signature key certificate and who owns the corresponding private key of an electronic digital signature, which allows using electronic digital signature tools to create his own electronic digital signature in electronic documents (sign electronic documents);
electronic digital signature means - hardware and (or) software that ensure the implementation of at least one of the following functions - creation of an electronic digital signature in an electronic document using the private key of the electronic digital signature, confirmation using the public key of the electronic digital signature of the authenticity of the electronic digital signature in electronic document, creation of closed and public keys electronic digital signatures;
certificate of electronic digital signature means - a paper document issued in accordance with the rules of the certification system to confirm compliance of electronic digital signature means with established requirements;
private key of an electronic digital signature - a unique sequence of characters known to the owner of the signature key certificate and intended for creating an electronic digital signature in electronic documents using electronic digital signature tools;
public key of an electronic digital signature - a unique sequence of characters corresponding to the private key of an electronic digital signature, available to any user of the information system and intended to confirm the authenticity of an electronic digital signature in an electronic document using electronic digital signature tools;
signature key certificate - a document on paper or an electronic document with an electronic digital signature of an authorized person of the certification center, which includes the public key of the electronic digital signature and which is issued by the certification center to a participant in the information system to confirm the authenticity of the electronic digital signature and identify the owner of the signature key certificate;
confirmation of the authenticity of an electronic digital signature in an electronic document - positive result verification by an appropriate certified means of electronic digital signature using a signature key certificate that the electronic digital signature in an electronic document belongs to the owner of the signature key certificate and the absence of distortions in the electronic document signed with this electronic digital signature;
user of a signature key certificate - an individual who uses information about a signature key certificate received from a certification center to verify that an electronic digital signature belongs to the owner of the signature key certificate;
public information system - an information system that is open for use by all individuals and legal entities and the services of which cannot be denied to these individuals;
corporate information system - an information system, the participants of which may be a limited number of persons, determined by its owner or by agreement of the participants of this information system.
Chapter II. TERMS OF USE OF ELECTRONIC DIGITAL SIGNATURE1. An electronic digital signature in an electronic document is equivalent to a handwritten signature in a document on paper, subject to the following conditions:
the signature key certificate related to this electronic digital signature has not lost force (is valid) at the time of verification or at the time of signing the electronic document if there is evidence determining the moment of signing;
the authenticity of the electronic digital signature in the electronic document is confirmed;
The electronic digital signature is used in accordance with the information specified in the signature key certificate.
2. A participant in the information system can simultaneously be the owner of any number of signature key certificates. In this case, an electronic document with an electronic digital signature has legal significance in the implementation of the relations specified in the signature key certificate.
1. The creation of keys for electronic digital signatures is carried out for use in:
information system for general use by its participant or at his request by the certification center;
corporate information system in the manner established in this system.
2. When creating electronic digital signature keys for use in a public information system, only certified electronic digital signature tools should be used. Compensation for losses caused in connection with the creation of electronic digital signature keys by uncertified electronic digital signature means may be assigned to the creators and distributors of these means in accordance with the legislation of the Russian Federation.
3. Use of uncertified electronic digital signature tools and electronic digital signature keys created by them in corporate information systems of federal government bodies, government bodies of constituent entities of the Russian Federation and bodies local government not allowed.
4. Certification of electronic digital signature means is carried out in accordance with the legislation of the Russian Federation on certification of products and services.
1. The signing key certificate must contain the following information:
unique registration number signature key certificate, start and end dates of validity of the signature key certificate located in the register of the certification authority;
last name, first name and patronymic of the owner of the signature key certificate or alias of the owner. If an alias is used, the certification authority makes a record of this in the signing key certificate;
public key of electronic digital signature;
name of the electronic digital signature tools with which this public key of the electronic digital signature is used;
name and location of the certification center that issued the signature key certificate;
information about the relationships in which an electronic document with an electronic digital signature will have legal significance.
2. If necessary, the signature key certificate, on the basis of supporting documents, indicates the position (indicating the name and location of the organization in which this position is established) and qualifications of the owner of the signature key certificate, and upon his application in writing - other information confirmed by the relevant documents.
3. The signature key certificate must be entered by the certification authority into the register of signature key certificates no later than the effective date of the signature key certificate.
4. To verify that the electronic digital signature belongs to the appropriate owner, a signature key certificate is issued to users indicating the date and time of its issuance, information about the validity of the signature key certificate (valid, suspended, terms of suspension, canceled, date and time of cancellation of the signature key certificate) and information about the registry of signing key certificates. If a signature key certificate is issued in the form of a paper document, this certificate is drawn up on the letterhead of the certification center and certified by the handwritten signature of an authorized person and the seal of the certification center. If a signature key certificate and the specified additional data are issued in the form of an electronic document, this certificate must be signed with an electronic digital signature of an authorized person of the certification center.
1. The storage period for a signature key certificate in the form of an electronic document in a certification center is determined by an agreement between the certification center and the owner of the signature key certificate. This ensures access for information system participants to the certification center to obtain a signature key certificate.
2. The period of storage of the signature key certificate in the form of an electronic document in the certification center after the cancellation of the signature key certificate must be no less than the limitation period established by federal law for the relations specified in the signature key certificate.
Upon expiration of the specified storage period, the signature key certificate is excluded from the register of signature key certificates and transferred to archival storage mode. The archival storage period is at least five years. The procedure for issuing copies of signature key certificates during this period is established in accordance with the legislation of the Russian Federation.
3. The signature key certificate in the form of a document on paper is stored in the manner established by the legislation of the Russian Federation on archives and archival affairs.
Chapter III. CERTIFICATION CENTERS1. The certification center issuing signature key certificates for use in public information systems must be a legal entity performing the functions provided for by this Federal Law. At the same time, the certification center must have the necessary material and financial capabilities to allow it to bear civil liability to users of signature key certificates for losses that may be incurred by them due to the unreliability of the information contained in the signature key certificates.
The requirements for the material and financial capabilities of certification centers are determined by the Government of the Russian Federation on the proposal of the authorized federal executive body.
The status of the certification center ensuring the functioning of the corporate information system is determined by its owner or by agreement of the participants of this system.
Clause 2 is no longer valid.
1. Certification center:
produces signature key certificates;
creates keys for electronic digital signatures at the request of participants in the information system with a guarantee of keeping the private key of the electronic digital signature secret;
suspends and renews signature key certificates, as well as revokes them;
maintains a register of signature key certificates, ensures its relevance and the possibility of free access to it by participants in information systems;
checks the uniqueness of public keys of electronic digital signatures in the register of signature key certificates and the archive of the certification center;
issues certificates of signature keys in the form of documents on paper and (or) in the form of electronic documents with information about their operation;
carries out, upon requests from users of signature key certificates, confirmation of the authenticity of an electronic digital signature in an electronic document in relation to the signature key certificates issued to them;
may provide information system participants with other services related to the use of electronic digital signatures.
2. The production of signature key certificates is carried out on the basis of an application from a participant in the information system, which contains the information specified in Article 6 of this Federal Law and necessary to identify the owner of the signature key certificate and transmit messages to him. The application is signed personally by the owner of the signing key certificate. The information contained in the application is confirmed by the presentation of relevant documents.
3. When producing signature key certificates, the certification center draws up in the form of paper documents two copies of the signature key certificate, which are certified by the handwritten signatures of the owner of the signature key certificate and the authorized person of the certification center, as well as the seal of the certification center. One copy of the signature key certificate is issued to the owner of the signature key certificate, the second remains in the certification center.
4. Services for issuing signature key certificates registered by a certification center to participants in information systems, along with information about their operation in the form of electronic documents, are provided free of charge.
1. Before using the electronic digital signature of the authorized person of the certification center to certify signature key certificates on behalf of the certification center, the certification center is obliged to submit to the authorized federal executive body the signature key certificate of the authorized person of the certification center in the form of an electronic document, as well as this certificate in the form of a document on paper with a handwritten signature of the specified authorized person, certified by the signature of the head and the seal of the certification center.
2. The authorized federal executive body maintains a unified state register of signature key certificates, with which certification centers working with participants in public information systems certify the signature key certificates they issue, ensures free access to this register and issues signature key certificates to the relevant authorized certifiers centers.
3. Electronic digital signatures of authorized persons of certification centers can be used only after they are included in the unified state register of signature key certificates. The use of these electronic digital signatures for purposes not related to the certification of signature key certificates and information about their operation is not permitted.
4. Authorized federal executive body:
carries out, upon requests from individuals, organizations, federal government bodies, government bodies of constituent entities of the Russian Federation and local governments, confirmation of the authenticity of electronic digital signatures of authorized persons of certification centers in the signature key certificates issued by them;
exercises, in accordance with the regulations on the authorized federal executive body, other powers to ensure the operation of this Federal Law.
When issuing a signature key certificate, the certification center assumes the following obligations towards the owner of the signature key certificate:
enter the signature key certificate into the register of signature key certificates;
ensure the issuance of a signature key certificate to information system participants who apply to it;
suspend the validity of the signing key certificate at the request of its owner;
notify the owner of the signature key certificate about facts that have become known to the certification center and which may significantly affect the possibility of further use of the signature key certificate;
other obligations established by regulatory legal acts or agreement of the parties.
1. The owner of the signing key certificate is obliged to:
not to use public and private keys of an electronic digital signature for an electronic digital signature if he knows that these keys are used or have been used previously;
keep the private key of the electronic digital signature secret;
immediately demand suspension of the signature key certificate if there are grounds to believe that the secret of the private key of the electronic digital signature has been violated.
2. If the requirements set out in this article are not met, compensation for losses caused as a result is assigned to the owner of the signature key certificate.
1. The validity of a signature key certificate may be suspended by a certification center based on the indication of persons or bodies having such a right by virtue of law or agreement, and in a corporate information system also by virtue of the rules of use established for it.
2. The period from the receipt by the certification center of an instruction to suspend the signature key certificate until the relevant information is entered into the register of signature key certificates must be established in accordance with the rule common to all owners of signature key certificates. By agreement between the certification authority and the owner of the signature key certificate, this period can be shortened.
3. The validity of the signature key certificate, at the direction of an authorized person (authority), is suspended for a period calculated in days, unless otherwise established by regulatory legal acts or an agreement. The certification center renews the validity of the signature key certificate at the direction of the authorized person (authority). If after the expiration of the specified period no instruction is received to renew the validity of the signature key certificate, it is subject to cancellation.
4. In accordance with the instructions of the authorized person (body) about the suspension of the signature key certificate, the certification center notifies users of signature key certificates about this by entering the relevant information into the register of signature key certificates, indicating the date, time and period of suspension of the signature key certificate, as well as notifies the owner of the signature key certificate and the authorized person (authority) from whom the instruction to suspend the signature key certificate was received.
1. The certification center that issued the signature key certificate is obliged to cancel it:
upon expiration of its validity period;
upon loss legal force certificate of appropriate electronic digital signature tools used in public information systems;
in the event that the certification center has become reliably aware of the termination of the document on the basis of which the signature key certificate was issued;
upon application in writing by the owner of the signature key certificate;
in other cases established by regulatory legal acts or agreement of the parties.
2. In the event of cancellation of a signature key certificate, the certification center notifies users of signature key certificates by entering the relevant information into the register of signature key certificates, indicating the date and time of cancellation of the signature key certificate, except for cases of cancellation of the signature key certificate upon expiration of its validity period, and also notifies the owner of the signature key certificate and the authorized person (authority) from whom the instruction to revoke the signature key certificate was received.
1. The activities of a certification center that issues certificates of signature keys for use in public information systems may be terminated in the manner established by civil legislation.
2. In the event of termination of the activities of the certification center specified in paragraph 1 of this article, the signature key certificates issued by this certification center may be transferred to another certification center in agreement with the owners of the signature key certificates.
Signature key certificates that have not been transferred to another certification center are canceled and transferred for storage in accordance with Article 7 of this Federal Law to the authorized federal executive body.
3. The activities of a certification center that ensures the functioning of a corporate information system are terminated by decision of the owner of this system, as well as by agreement of the participants of this system in connection with the transfer of the obligations of this certification center to another certification center or in connection with the liquidation of the corporate information system.
Chapter IV. FEATURES OF USING AN ELECTRONIC DIGITAL SIGNATURE1. Federal government bodies, government bodies of constituent entities of the Russian Federation, local government bodies, as well as organizations participating in document flow with these bodies, use electronic digital signatures of authorized persons of these bodies and organizations to sign their electronic documents.
2. Signature key certificates of authorized persons of federal government bodies are included in the register of signature key certificates maintained by the authorized federal executive body, and are issued to users of signature key certificates from this register in the manner established by this Federal Law for certification centers.
3. The procedure for organizing the issuance of signature key certificates of authorized persons of public authorities of the constituent entities of the Russian Federation and authorized persons of local self-government bodies is established by regulatory legal acts of the relevant bodies.
1. A corporate information system that provides participants in a public information system with the services of a certification center of a corporate information system must comply with the requirements established by this Federal Law for public information systems.
2. The procedure for using electronic digital signatures in a corporate information system is established by the decision of the owner of the corporate information system or by agreement of the participants of this system.
3. The content of information in signature key certificates, the procedure for maintaining a register of signature key certificates, the procedure for storing canceled signature key certificates, cases of loss of legal force by these certificates in a corporate information system are regulated by the decision of the owner of this system or an agreement of participants in the corporate information system.
A foreign signature key certificate, certified in accordance with the legislation of the foreign state in which this signature key certificate is registered, is recognized on the territory of the Russian Federation if the procedures established by the legislation of the Russian Federation for recognizing the legal value of foreign documents are followed.
2. In cases where established by laws and other regulatory legal acts of the Russian Federation or an agreement of the parties, an electronic digital signature in an electronic document, the certificate of which contains information about the powers of its owner necessary for the implementation of these relations, is recognized as equivalent to a person’s handwritten signature in a paper document certified by a seal.
Federal Law, with the exception of the requirement to first submit signature key certificates of their authorized persons to the authorized federal executive body. The corresponding certificates must be submitted to the specified body no later than three months from the date of entry into force of this Federal Law.President of Russian Federation
V. PUTIN
Moscow Kremlin
The Zakonbase website presents the FEDERAL LAW of January 10, 2002 N 1-FZ (as amended on November 8, 2007) “ON ELECTRONIC DIGITAL SIGNATURES” in the latest edition. It is easy to comply with all legal requirements if you read the relevant sections, chapters and articles of this document for 2014. To find the necessary legislative acts on a topic of interest, you should use convenient navigation or advanced search.
On the Zakonbase website you will find the FEDERAL LAW dated January 10, 2002 N 1-FZ (as amended on November 8, 2007) "ON ELECTRONIC DIGITAL SIGNATURES" in the latest and full version, in which all changes and amendments have been made. This guarantees the relevance and reliability of the information.
Work with an analogue of a handwritten visa is based on the rules established in this law. Let's look at this regulation in more detail.
Purposes of adoption and scope of the law on electronic signature
To begin with, it is worth noting that 63-FZ dated 04/06/2011 replaced the previously valid Federal Law on electronic digital signature No. 1 dated 01/10/2002. In this regard, the phrase “63 Federal Law on Electronic Digital Signatures” is incorrect.
In order for a document to have legal force, it must contain the details of the responsible person. Thus, a visa is affixed manually on paper documents, but its electronic counterpart is used for computer files. In order to regulate relations between the parties in the latter case, the law in question was adopted.
The document is valid in the following areas (Article 1):
- civil transactions;
- state and municipal services;
- state and municipal functions;
- other legally significant actions.
In addition, this method of document endorsement is used for government procurement, filing tax reports via the Internet, banking transactions, document flow of government agencies, etc.
Participants in such relations can be legal entities or individuals, as well as government bodies.
The electronic version of the visa is equivalent to the paper one - this is stated on the corresponding portal https://iecp.ru/.
Basic concepts used in 63-FZ
15 terms that are used in the text of the normative act are defined in Art. 2. Here we are talking about certification centers and their accreditation, electronic signature keys, their certificates and owners, corporate and information systems, etc.
And clauses 14 and 15 indicate what is meant by the delivery of an electronic signature verification key certificate and confirmation of ownership of the key itself.
The electronic signature itself is electronic information connected in some way with the same data that needs to be signed. The purpose is to identify the person who certifies the information. The last concept is defined in No. 149-FZ of July 27, 2006 as any information, regardless of its origin. Moreover, it can be either publicly accessible or closed (for example, a state secret).
Thus, the electronic signature can be used for any documents, including those not subject to public disclosure.
Structure of the Federal Law
Federal Law 63-FZ on electronic signature consists of 20 articles.
The first 4 of them are of a general nature and establish the scope of the law, definitions, legal regulation of such relations and principles for the use of electronic signatures.
In Art. 5 ES are divided into 2 types: simple and reinforced. The latter, in turn, can be unskilled or qualified. And if a simple visa only verifies the identity of the signatory through the use of codes and passwords, then an unqualified one, for example, must meet the following criteria:
- Created as a result of cryptographic modification of information using an electronic signature key.
- Establishes the identity of the signer of the document.
- Allows you to detect changes made to the document after signing.
- To create it, electronic means are used (Article 12).
In addition to the fact that a qualified visa must include the above features, its verification key must be indicated in the certificate. Also, when creating and checking it, electronic signature tools are used that comply with the requirements regulated by No. 63-FZ.
Next we talk about the features of using the concept in question. Thus, the law, under certain conditions, considers documents with an electronic signature to be equivalent to their paper counterparts (Article 6). And Article 7 talks about the recognition of signatures created according to international standards.
Art. 8 gives powers to federal executive authorities to work with electronic signatures. Such bodies are determined by the Government of the Russian Federation. These structures accredit and verify certification centers from which you can obtain a key and an electronic signature certificate. In addition, these authorities are the main certification centers in relation to the accredited ones.
In Art. 9 talks about the features of using simple electronic signature. Part 4 of this article prohibits the use of just such a signature for secret information.
Art. 10 establishes obligations for participants in transactions who use enhanced signatures. The main condition is maintaining the confidentiality of electronic signature keys.
The conditions for recognition of a qualified electronic signature are contained in Art. 11. Next are definitions of electronic signature tools that are used to create and control both the signature itself and its keys (Article 12).
In Art. 13-18 establish operating rules for certification centers: general provisions, issuance of certificates, accreditation, etc.
The last articles, 19 and 20, contain the final provisions and determine that the Federal Law on Electronic Signature No. 63 comes into force on the date of its publication. At the same time, No. 1-FZ on EDS ceases to be valid as of July 1, 2013.
What problems will it help solve?
Federal Law No. 63-FZ, which replaced the Law on Digital Signature No. 1, establishes the procedure for working with electronic signatures and determines its legal status. The text of the document touches on all participants who are related to the concept under consideration: from authorized authorities and certification centers to the person signing electronic documents. Therefore, if difficulties arise in obtaining or using digital signature keys and certificates, all of them can take advantage of this law.
Thanks to the established rules and the condition of non-disclosure of data related to electronic signatures, users can be confident in the security and authenticity of information transmitted via the Internet.
Thus, the use of electronic documents and electronic signatures according to the rules established in No. 63-FZ makes work processes faster, more convenient and reliable.
Article 1. Scope of this Federal Law
This Federal Law regulates relations in the field of using electronic signatures when making civil transactions, providing state and municipal services, performing state and municipal functions, and when performing other legally significant actions.
Article 2. Basic concepts used in this Federal Law
For the purposes of this Federal Law, the following basic concepts are used:
1) electronic signature - information in electronic form that is attached to other information in electronic form (signed information) or is otherwise associated with such information and which is used to identify the person signing the information;
2) electronic signature verification key certificate - an electronic document or a paper document issued by a certification center or an authorized representative of the certification center and confirming that the electronic signature verification key belongs to the owner of the electronic signature verification key certificate;
3) qualified certificate of an electronic signature verification key (hereinafter referred to as the qualified certificate) - a certificate of the electronic signature verification key issued by an accredited certification center or an authorized representative of an accredited certification center or a federal executive body authorized in the field of use of an electronic signature (hereinafter referred to as the authorized federal body) ;
4) owner of the electronic signature verification key certificate - the person to whom the electronic signature verification key certificate was issued in accordance with the procedure established by this Federal Law;
5) electronic signature key - a unique sequence of characters intended for creating an electronic signature;
6) electronic signature verification key - a unique sequence of characters uniquely associated with the electronic signature key and intended to verify the authenticity of an electronic signature (hereinafter referred to as electronic signature verification);
7) certification center - legal entity or individual entrepreneur performing the functions of creating and issuing certificates of keys for verifying electronic signatures, as well as other functions provided for by this Federal Law;
8) accreditation of a certification center - recognition by an authorized federal body of compliance of a certification center with the requirements of this Federal Law;
9) electronic signature means - encryption (cryptographic) means used to implement at least one of the following functions - creating an electronic signature, verifying an electronic signature, creating an electronic signature key and an electronic signature verification key;
10) means of the certification center - software and (or) hardware used to implement the functions of the certification center;
11) participants in electronic interaction - state bodies, local government bodies, organizations, as well as citizens exchanging information in electronic form;
12) corporate information system - an information system in which the participants in electronic interaction comprise a certain circle of persons;
13) public information system - an information system in which the participants in electronic interaction comprise an indefinite circle of persons and the use of which these persons cannot be denied.
Article 3. Legal regulation of relations in the field of use of electronic signatures
1. Relations in the field of use of electronic signatures are regulated by this Federal Law, other federal laws, normative legal acts adopted in accordance with them, as well as agreements between participants in electronic interaction. Unless otherwise established by federal laws, regulations adopted in accordance with them, or a decision on the creation of a corporate information system, the procedure for using an electronic signature in a corporate information system may be established by the operator of this system or by an agreement between participants in electronic interaction in it.
2. The types of electronic signatures used by executive authorities and local self-government bodies, the procedure for their use, as well as the requirements for ensuring the compatibility of electronic signature means when organizing electronic interaction between these bodies are established by the Government of the Russian Federation.
Article 4. Principles of using an electronic signature
The principles of using an electronic signature are:
1) the right of participants in electronic interaction to use an electronic signature of any type at their own discretion, if the requirement to use a specific type of electronic signature in accordance with the purposes of its use is not provided for by federal laws or regulations adopted in accordance with them or by an agreement between participants of electronic interaction;
2) the ability for participants in electronic interaction to use, at their discretion, any information technology and (or) technical means that allow them to comply with the requirements of this Federal Law in relation to the use of specific types of electronic signatures;
3) the inadmissibility of recognizing an electronic signature and (or) an electronic document signed by it as having no legal force only on the basis that such an electronic signature was not created with one’s own hand, but using electronic signature tools for the automatic creation and (or) automatic verification of electronic signatures in information system.
Article 5. Types of electronic signatures
1. The types of electronic signatures, relations in the field of use of which are regulated by this Federal Law, are a simple electronic signature and an enhanced electronic signature. There is a distinction between an enhanced unqualified electronic signature (hereinafter referred to as an unqualified electronic signature) and an enhanced qualified electronic signature (hereinafter referred to as a qualified electronic signature).
2. A simple electronic signature is an electronic signature that, through the use of codes, passwords or other means, confirms the fact of the formation of an electronic signature by a certain person.
3. An unqualified electronic signature is an electronic signature that:
1) obtained as a result of cryptographic transformation of information using an electronic signature key;
2) allows you to identify the person who signed the electronic document;
3) allows you to detect the fact of making changes to an electronic document after its signing;
4) created using electronic signature tools.
4. A qualified electronic signature is an electronic signature that meets all the characteristics of an unqualified electronic signature and the following additional characteristics:
1) the electronic signature verification key is indicated in the qualified certificate;
2) to create and verify an electronic signature, electronic signature tools are used that have received confirmation of compliance with the requirements established in accordance with this Federal Law.
5. When using an unqualified electronic signature, an electronic signature verification key certificate may not be created if the compliance of the electronic signature with the characteristics of an unqualified electronic signature established by this Federal Law can be ensured without using an electronic signature verification key certificate.
Article 6. Conditions for recognizing electronic documents signed with an electronic signature as equivalent to paper documents signed with a handwritten signature
1. Information in electronic form signed with a qualified electronic signature is recognized electronic document, equivalent to a paper document signed with a handwritten signature, except if federal laws or regulations adopted in accordance with them require that the document be drawn up exclusively on paper.
2. Information in electronic form, signed with a simple electronic signature or a non-qualified electronic signature, is recognized as an electronic document equivalent to a paper document signed with a handwritten signature, in cases established by federal laws, normative legal acts adopted in accordance with them, or an agreement between participants in an electronic interactions. Regulatory legal acts and agreements between participants in electronic interaction that establish cases of recognizing electronic documents signed with a non-qualified electronic signature as equivalent to paper documents signed with a handwritten signature must provide for a procedure for verifying an electronic signature. Regulatory legal acts and agreements between participants in electronic interaction establishing cases of recognizing electronic documents signed with a simple electronic signature as equivalent to paper documents signed with a handwritten signature must comply with the requirements of Article 9 of this Federal Law.
3. If in accordance with federal laws, normative legal acts adopted in accordance with them or business customs, a document must be certified by a seal, an electronic document signed with an enhanced electronic signature and recognized as equivalent to a paper document signed with a handwritten signature is recognized as equivalent to a document on on paper, signed with a handwritten signature and certified by a seal. Federal laws, regulations adopted in accordance with them, or an agreement between participants in electronic interaction may provide for additional requirements for an electronic document in order to recognize it as equivalent to a paper document certified by a seal.
4. Several interconnected electronic documents (package of electronic documents) can be signed with one electronic signature. When signing a package of electronic documents with an electronic signature, each of the electronic documents included in this package is considered signed by an electronic signature of the type with which the package of electronic documents was signed.
Article 7. Recognition of electronic signatures created in accordance with the norms of foreign law and international standards
1. Electronic signatures created in accordance with the rules of law of a foreign state and international standards are recognized in the Russian Federation as electronic signatures of the type whose characteristics they correspond to on the basis of this Federal Law.
2. An electronic signature and an electronic document signed by it cannot be considered invalid only on the grounds that the electronic signature verification key certificate was issued in accordance with the norms of foreign law.
Article 8. Powers of federal executive authorities in the field of using electronic signatures
1. The authorized federal body is determined by the Government of the Russian Federation.
2. Authorized federal body:
1) carries out accreditation of certification centers, conducts checks of compliance by accredited certification centers with the requirements that are established by this Federal Law and for compliance with which these certification centers were accredited, and if non-compliance is detected, issues orders to eliminate the identified violations;
2) performs the functions of the main certification center in relation to accredited certification centers.
3. The authorized federal body is obliged to ensure storage of the following information specified in this part and round-the-clock unhindered access to it using information and telecommunication networks:
1) names, addresses of accredited certification centers;
2) a register of qualified certificates issued and canceled by the authorized federal body;
3) a list of certification centers whose accreditation has been revoked;
4) a list of accredited certification centers whose accreditation has been suspended;
5) a list of accredited certification centers whose activities have been discontinued;
6) registers of qualified certificates transferred to the authorized federal body in accordance with Article 15 of this Federal Law.
4. The federal executive body that carries out the functions of developing and implementing state policy and legal regulation in the field information technologies, sets:
1) the procedure for transferring registers of qualified certificates and other information to the authorized federal body in the event of termination of the activities of an accredited certification center;
2) the procedure for creating and maintaining registers of qualified certificates, as well as providing information from such registers;
3) rules for accreditation of certification centers, the procedure for verifying compliance by accredited certification centers with the requirements established by this Federal Law and for compliance with which these certification centers were accredited.
5. Federal executive body in the field of security:
1) establishes requirements for the form of a qualified certificate;
2) establishes requirements for electronic signature means and means of the certification center;
3) confirms the compliance of electronic signature means and means of the certification center with the requirements established in accordance with this Federal Law, and publishes a list of such means.
Article 9. Use of a simple electronic signature
1. An electronic document is considered signed with a simple electronic signature if one of the following conditions is met:
1) a simple electronic signature is contained in the electronic document itself;
2) the simple electronic signature key is used in accordance with the rules established by the operator of the information system using which the creation and (or) sending of an electronic document is carried out, and the created and (or) sent electronic document contains information indicating the person on whose behalf an electronic document has been created and/or sent.
2. Regulatory legal acts and (or) agreements between participants in electronic interaction, establishing cases of recognizing electronic documents signed with a simple electronic signature as equivalent to paper documents signed with a handwritten signature, must provide, in particular:
1) rules for determining the person signing an electronic document by his simple electronic signature;
2) the obligation of the person creating and (or) using the simple electronic signature key to maintain its confidentiality.
3. The rules established by Articles 10 - 18 of this Federal Law do not apply to relations related to the use of a simple electronic signature, including the creation and use of a simple electronic signature key.
4. The use of a simple electronic signature for signing electronic documents containing information constituting a state secret, or in an information system containing information constituting a state secret, is not allowed.
Article 10. Obligations of participants in electronic interaction when using enhanced electronic signatures
When using enhanced electronic signatures, participants in electronic interaction are required to:
1) ensure the confidentiality of electronic signature keys, in particular, do not allow the use of electronic signature keys belonging to them without their consent;
2) notify the certification center that issued the electronic signature verification key certificate and other participants in electronic interaction about a violation of the confidentiality of the electronic signature key within no more than one business day from the date of receipt of information about such a violation;
3) do not use the electronic signature key if there are grounds to believe that the confidentiality of this key has been violated;
4) use electronic signature tools that have received confirmation of compliance with the requirements established in accordance with this Federal Law to create and verify qualified electronic signatures, create keys for qualified electronic signatures and keys for their verification.
Article 11. Recognition of a qualified electronic signature
A qualified electronic signature is recognized as valid until a court decision establishes otherwise, subject to the simultaneous observance of the following conditions:
1) a qualified certificate was created and issued by an accredited certification center, the accreditation of which is valid on the day of issue of the specified certificate;
2) the qualified certificate is valid at the time of signing the electronic document (if there is reliable information about the moment of signing the electronic document) or on the day of checking the validity of the specified certificate, if the moment of signing the electronic document is not determined;
3) there is a positive result of checking that the owner of the qualified certificate belongs to the qualified electronic signature with which the electronic document was signed, and the absence of changes made to this document after its signing is confirmed. In this case, the verification is carried out using electronic signature tools that have received confirmation of compliance with the requirements established in accordance with this Federal Law, and using a qualified certificate of the person who signed the electronic document;
4) a qualified electronic signature is used subject to the restrictions contained in the qualified certificate of the person signing the electronic document (if such restrictions are established).
Article 12. Electronic signature means
1. To create and verify an electronic signature, create an electronic signature key and an electronic signature verification key, electronic signature tools must be used that:
1) make it possible to establish the fact of a change in a signed electronic document after its signing;
2) ensure the practical impossibility of calculating the electronic signature key from the electronic signature or from its verification key.
2. When creating an electronic signature, electronic signature tools must:
1) show the person signing the electronic document the content of the information he is signing;
2) create an electronic signature only after confirmation by the person signing the electronic document of the operation to create an electronic signature;
3) clearly show that an electronic signature has been created.
3. When checking an electronic signature, electronic signature tools must:
1) show the contents of an electronic document signed with an electronic signature;
2) show information about making changes to an electronic document signed with an electronic signature;
3) indicate the person using whose electronic signature key electronic documents were signed.
4. Electronic signature tools intended for creating electronic signatures in electronic documents containing information constituting a state secret, or intended for use in an information system containing information constituting a state secret, are subject to confirmation of compliance with the mandatory requirements for the protection of information of the corresponding degree of secrecy in accordance with the legislation of the Russian Federation. Electronic signature tools intended for creating electronic signatures in electronic documents containing restricted information (including personal data) must not violate the confidentiality of such information.
5. The requirements of parts 2 and 3 of this article do not apply to electronic signature tools used for automatic creation and (or) automatic verification of electronic signatures in the information system.
Article 13. Certification center
1. Certification center:
1) creates certificates of electronic signature verification keys and issues such certificates to persons who apply for them (applicants);
2) establishes the validity period of electronic signature verification key certificates;
3) cancel the electronic signature verification key certificates issued by this certification center;
4) issues, at the request of the applicant, electronic signature tools containing the electronic signature key and the electronic signature verification key (including those created by the certification center) or providing the ability to create an electronic signature key and an electronic signature verification key by the applicant;
5) maintains a register of electronic signature verification key certificates issued and canceled by this certification center (hereinafter referred to as the register of certificates), including information contained in the electronic signature verification key certificates issued by this certification center, and information on the dates of termination or cancellation certificates of keys for verifying electronic signatures and the grounds for such termination or cancellation;
6) establishes the procedure for maintaining the register of certificates that are not qualified, and the procedure for accessing it, and also ensures access of persons to the information contained in the register of certificates, including using the information and telecommunications network "Internet";
7) upon requests from applicants, creates keys for electronic signatures and keys for verifying electronic signatures;
8) checks the uniqueness of electronic signature verification keys in the certificate register;
9) upon requests from participants in electronic interaction, checks electronic signatures;
10) carries out other activities related to the use of electronic signatures.
2. The certification center is obliged:
1) inform applicants in writing about the conditions and procedure for using electronic signatures and electronic signature means, about the risks associated with the use of electronic signatures, and about the measures necessary to ensure the security of electronic signatures and their verification;
2) ensure the relevance of the information contained in the register of certificates and its protection from unauthorized access, destruction, modification, blocking, and other unlawful actions;
3) provide free of charge to any person upon his request in accordance with the established procedure for access to the register of certificates, information contained in the register of certificates, including information on the revocation of the electronic signature verification key certificate;
4) ensure the confidentiality of electronic signature keys created by the certification center.
3. In accordance with the legislation of the Russian Federation, the certification center is responsible for damage caused to third parties as a result of:
1) failure to fulfill or improper fulfillment of obligations arising from the contract for the provision of services by the certification center;
2) non-fulfillment or improper fulfillment of duties provided for by this Federal Law.
4. The certification center has the right to grant third parties (hereinafter referred to as authorized persons) the authority to create and issue certificates of electronic signature verification keys on behalf of the certification center, signed with an electronic signature based on the electronic signature verification key certificate issued to the authorized person by this certification center.
5. The certification center specified in part 4 of this article, in relation to authorized persons, is the main certification center and performs the following functions:
1) carries out verification of electronic signatures, the verification keys of which are indicated in the certificates of electronic signature verification keys issued by authorized persons;
2) ensures electronic interaction of trusted persons with each other, as well as trusted persons with the certification center.
6. Information entered into the register of certificates is subject to storage for the entire period of activity of the certification center, unless a shorter period is established by regulatory legal acts. In the event of termination of the activities of a certification center without transferring its functions to other persons, it must notify in writing the owners of electronic signature verification key certificates that were issued by this certification center and the validity period of which has not expired, at least one month before the date of termination of the activities of this certification center. certification center. In this case, after the completion of the activities of the certification center, the information entered in the register of certificates must be destroyed. In the event of termination of the activities of a certification center with the transfer of its functions to other persons, it must notify in writing the owners of electronic signature verification key certificates that were issued by this certification center and the validity period of which has not expired, at least one month before the date of transfer of its functions . In this case, after the completion of the activities of the certification center, the information entered in the register of certificates must be transferred to the person to whom the functions of the certification center that ceased its activities were transferred.
7. The procedure for implementing the functions of a certification center, exercising its rights and fulfilling the duties specified in this article is established by the certification center independently, unless otherwise established by federal laws or regulations adopted in accordance with them or by agreement between participants in electronic interaction.
8. An agreement for the provision of services by a certification center that carries out its activities in relation to an unlimited number of persons using a public information system is a public contract.
Article 14. Electronic signature verification key certificate
1. The certification center creates and issues an electronic signature verification key certificate on the basis of an agreement between the certification center and the applicant.
2. The electronic signature verification key certificate must contain the following information:
1) the start and end dates of its validity;
2) last name, first name and patronymic (if any) - for individuals, name and location - for legal entities or other information that allows you to identify the owner of the electronic signature verification key certificate;
3) electronic signature verification key;
4) the name of the electronic signature tool used and (or) the standards whose requirements the electronic signature key and the electronic signature verification key meet;
5) the name of the certification center that issued the electronic signature verification key certificate;
6) other information provided for in Part 2 of Article 17 of this Federal Law - for a qualified certificate.
3. In the case of issuing a certificate of an electronic signature verification key to a legal entity as the owner of a certificate of an electronic signature verification key, along with indicating the name legal entity indicates an individual acting on behalf of a legal entity on the basis of the constituent documents of the legal entity or a power of attorney. It is allowed not to indicate as the owner of the electronic signature verification key certificate an individual acting on behalf of a legal entity in the electronic signature verification key certificate used for the automatic creation and (or) automatic verification of electronic signatures in the information system when providing state and municipal services, execution state and municipal functions, as well as in other cases provided for by federal laws and regulations adopted in accordance with them. The owner of such an electronic signature verification key certificate is the legal entity whose information is contained in such a certificate.
4. The certification center has the right to issue certificates of keys for verifying electronic signatures both in the form of electronic documents and in the form of documents on paper. The owner of an electronic signature verification key certificate issued in the form of an electronic document also has the right to receive a copy of the electronic signature verification key certificate on paper, certified by a certification center.
5. The electronic signature verification key certificate is valid from the moment of its issuance, unless a different start date for such a certificate is specified in the electronic signature verification key certificate itself. Information about the electronic signature verification key certificate must be entered by the certification center into the register of certificates no later than the start date of validity of such a certificate indicated therein.
6. The electronic signature verification key certificate expires:
1) due to the expiration of the established period of its validity;
2) based on the application of the owner of the electronic signature verification key certificate, submitted in the form of a document on paper or in the form of an electronic document;
3) in case of termination of the activities of the certification center without the transfer of its functions to other persons;
4) in other cases established by this Federal Law, other federal laws, normative legal acts adopted in accordance with them, or an agreement between the certification center and the owner of the electronic signature verification key certificate.
7. Information about the termination of the electronic signature verification key certificate must be entered by the certification center into the register of certificates within one business day from the date of the occurrence of the circumstances that led to the termination of the electronic signature verification key certificate. The validity of the electronic signature verification key certificate is terminated from the moment an entry about it is made in the certificate register.
8. Within no more than one working day, the certification center cancels the electronic signature verification key certificate by making an entry about its cancellation in the register of certificates by a court decision that has entered into legal force, in particular if the court decision establishes that the electronic signature verification key certificate contains false information.
9. The use of a revoked electronic signature verification key certificate does not entail legal consequences, except for those associated with its revocation. Before entering information about the revocation of an electronic signature verification key certificate into the register of certificates, the certification center is obliged to notify the owner of the electronic signature verification key certificate about the revocation of his electronic signature verification key certificate by sending a document on paper or an electronic document.
Article 15. Accredited certification center
1. A certification center that has received accreditation is an accredited certification center. An accredited certification center is required to store the following information:
1) details of the main document identifying the owner of the qualified certificate - an individual;
2) information about the name, number and date of issue of the document confirming the right of the person acting on behalf of the applicant - a legal entity, to apply for a qualified certificate;
3) information about the names, numbers and dates of issue of documents confirming the authority of the owner of a qualified certificate to act on behalf of third parties, if information about such authorities of the owner of a qualified certificate is included in the qualified certificate.
2. An accredited certification center must store the information specified in Part 1 of this article for the duration of its activities, unless a shorter period is provided for by regulatory legal acts of the Russian Federation. Information must be stored in a form that allows its integrity and reliability to be verified.
3. An accredited certification center is obliged to provide any person with free access, using information and telecommunication networks, to qualified certificates issued by this certification center and to current list canceled qualified certificates at any time during the period of activity of this certification center, unless otherwise established by federal laws or regulations adopted in accordance with them.
4. If a decision is made to terminate its activities, the accredited certification center is obliged to:
1) inform the authorized federal body about this no later than one month before the date of termination of its activities;
2) transfer the register of qualified certificates to the authorized federal body in the prescribed manner;
3) transfer for storage to the authorized federal body in the prescribed manner information that is subject to storage in an accredited certification center.
Article 16. Accreditation of a certification center
1. Accreditation of certification centers is carried out by the authorized federal body in relation to certification centers that are Russian or foreign legal entities.
2. Accreditation of a certification center is carried out on a voluntary basis. Accreditation of a certification center is carried out for a period of five years, unless a shorter period is specified in the application of the certification center.
3. Accreditation of a certification center is carried out subject to its fulfillment of the following requirements:
1) the value of the net assets of the certification center is not less than one million rubles;
2) the presence of financial security for liability for losses caused to third parties as a result of their trust in the information specified in the electronic signature verification key certificate issued by such a certification center, or information contained in the register of certificates maintained by such a certification center, in an amount not less than one and a half million rubles;
3) the availability of electronic signature means and means of a certification center that have received confirmation of compliance with the requirements established by the federal executive body in the field of security;
4) the presence on the staff of the certification center of at least two employees directly involved in the creation and issuance of certificates of keys for verifying electronic signatures, having a higher education professional education in the field of information technology or information security, or higher or secondary vocational education followed by retraining or advanced training in the use of electronic signatures.
4. Accreditation of a certification center is carried out on the basis of its application submitted to the authorized federal body. The application shall be accompanied by documents confirming the compliance of the certification center with the requirements established by part 3 of this article.
5. Within a period not exceeding thirty calendar days from the date of receipt of the certification center’s application, the authorized federal body, on the basis of the submitted documents, makes a decision on the accreditation of the certification center or on the refusal of its accreditation. If a decision is made to accredit a certification center, the authorized federal body, within a period not exceeding ten days from the date of the decision on accreditation, notifies the certification center about the decision taken and issues a certificate of accreditation in the prescribed form. Simultaneously with the issuance of an accreditation certificate, the authorized federal body issues to the accredited certification center a qualified certificate created using the funds of the head certification center, the functions of which are performed by the authorized federal body. If a decision is made to refuse accreditation of a certification center, the authorized federal body, within a period not exceeding ten calendar days from the date of the decision to refuse accreditation, sends or delivers to the certification center a notice of the decision made indicating the reasons for the refusal in the form of a paper document.
6. The basis for refusal to accredit a certification center is its non-compliance with the requirements established by part 3 of this article, or the presence of unreliable information in the documents submitted by it.
7. An accredited certification center must comply with the requirements for which it is accredited throughout the entire period of its accreditation. If circumstances arise that make it impossible to comply with these requirements, the certification center must immediately notify the authorized federal body in writing. An accredited certification center, when performing its functions and fulfilling its obligations, must comply with the requirements established for certification centers in Articles 13 - 15, 17 and 18 of this Federal Law. The authorized federal body has the right to conduct inspections of compliance by accredited certification centers with the requirements of this Federal Law throughout the entire period of their accreditation. If it is discovered that an accredited certification center does not comply with these requirements, the authorized federal body is obliged to issue this certification center an order to eliminate the violations within a specified period and suspend the accreditation for this period with information about this included in the list specified in paragraph 4 of part 3 of article 8 of this Federal Law . The accredited certification center notifies the authorized federal body in writing about the elimination of identified violations. The authorized federal body makes a decision on the renewal of accreditation, while it has the right to verify the actual elimination of previously identified violations and, if they are not eliminated within the period established by the order, cancels the accreditation of the certification center.
8. On state bodies, local government bodies, state and municipal institutions performing the functions of certification centers are not subject to the requirements established by paragraphs 1 and 2 of part 3 of this article.
9. The main certification center, the functions of which are performed by an authorized federal body, is not subject to accreditation in accordance with this Federal Law.
Article 17. Qualified certificate
1. A qualified certificate must be created using the funds of an accredited certification center.
2. The qualified certificate must contain the following information:
1) the unique number of the qualified certificate, the start and end dates of its validity;
2) last name, first name and patronymic (if any) of the owner of the qualified certificate - for an individual or name, location and main state registration number of the owner of the qualified certificate - for a legal entity;
3) the insurance number of the individual personal account of the owner of a qualified certificate - for an individual or the taxpayer identification number of the owner of a qualified certificate - for a legal entity;
4) electronic signature verification key;
5) names of electronic signature means and means of an accredited certification center that are used to create an electronic signature key, an electronic signature verification key, a qualified certificate, as well as details of a document confirming the compliance of these means with the requirements established in accordance with this Federal Law;
6) the name and location of the accredited certification center that issued the qualified certificate, the number of the qualified certificate of the certification center;
7) restrictions on the use of a qualified certificate (if such restrictions are established);
8) other information about the owner of the qualified certificate (at the request of the applicant).
3. If the applicant submits to an accredited certification center documents confirming his right to act on behalf of third parties, the qualified certificate may include information about such powers of the applicant and their validity period.
4. A qualified certificate is issued in a form, the requirements for which are established by the federal executive body in the field of security.
5. In the event of cancellation of a qualified certificate issued by an accredited certification center that issued a qualified certificate to the applicant, or in the event of cancellation or expiration of the accreditation of the certification center, the qualified certificate issued by the accredited certification center to the applicant shall cease to be valid.
6. The owner of a qualified certificate is obliged to:
1) do not use the electronic signature key and immediately contact the accredited certification center that issued the qualified certificate to terminate the validity of this certificate if there is reason to believe that the confidentiality of the electronic signature key has been violated;
2) use a qualified electronic signature in accordance with the restrictions contained in the qualified certificate (if such restrictions are established).
Article 18. Issuance of a qualified certificate
1. When issuing a qualified certificate, an accredited certification center is obliged to:
1) establish the identity of the applicant - an individual who applied to him to receive a qualified certificate;
2) receive from a person acting on behalf of the applicant - a legal entity, confirmation of the authority to apply for a qualified certificate.
2. When applying to an accredited certification center, the applicant indicates the restrictions on the use of the qualified certificate (if such restrictions are established) and submits the following documents confirming the accuracy of the information provided by the applicant for inclusion in the qualified certificate, or their duly certified copies:
1) the main identification document, the insurance certificate of state pension insurance of the applicant - an individual or constituent documents, a document confirming the fact of making an entry about a legal entity in the Unified State Register of Legal Entities, and a certificate of registration in tax authority the applicant is a legal entity;
2) a duly certified translation into Russian of documents on state registration of a legal entity in accordance with the legislation of a foreign state (for foreign legal entities);
3) a power of attorney or other document confirming the applicant’s right to act on behalf of other persons.
3. Upon receipt of a qualified certificate by the applicant, he must be familiarized with the information contained in the qualified certificate by an accredited certification center against receipt.
4. An accredited certification center, simultaneously with the issuance of a qualified certificate, must issue to the owner of a qualified certificate guidelines for ensuring the security of using a qualified electronic signature and qualified electronic signature means.
Article 19. Final provisions
1. Signature key certificates issued in accordance with Federal Law No. 1-FZ of January 10, 2002 “On Electronic Digital Signature” are recognized as qualified certificates in accordance with this Federal Law.
2. An electronic document signed with an electronic digital signature before the date of recognition of the Federal Law of January 10, 2002 N 1-FZ "On Electronic Digital Signature" as invalid is recognized as an electronic document signed with a qualified electronic signature in accordance with this Federal Law.
Article 20. Entry into force of this Federal Law
1. This Federal Law comes into force on the date of its official publication.
2. Federal Law of January 10, 2002 N 1-FZ “On Electronic Digital Signature” (Collection of Legislation of the Russian Federation, 2002, N 2, Art. 127) shall be declared invalid as of July 1, 2012.
President of the Russian Federation D. Medvedev
Federal Law on electronic signature has been in operation since 2002. What is an electronic signature intended for, who can use it and what legislative acts support this possibility - read on.
The original Federal Law-1 and the regime for the exchange of electronic documents, which is valid in 2015-2016
Current legislation provides the opportunity for individuals and legal entities to exchange electronic documents.
An electronic document is documented information presented in electronic form, that is, in a form suitable for human perception using electronic computers, as well as for transmission via information and telecommunication networks or processing in information systems (Clause 11.1 of Article 2 of the Law “ On information, information technologies and information protection” dated July 27, 2006 No. 149-FZ). To give legal force, an electronic document must be certified by an electronic digital signature (EDS) of an authorized person.
Federal law on digital signature defines an electronic signature as follows: an electronic form of information attached to or otherwise related to other information (the document being signed) that is used to identify the authorized signer of the document.
Exchange of documents in electronic form allows you to simultaneously solve problems:
- slow process of document exchange in paper format;
- the need for costs for moving papers;
- purchasing stationery and storing voluminous paper archives;
- loss of a paper document, loss of its physical and information properties over time, etc.
The possibility of electronic document exchange for participants appeared in 2002 with the adoption of the law about electronic digital signature№ 1-Federal Law dated January 10, 2002. Since then, an electronic document certified with an electronic signature is equivalent to a paper version signed by an authorized employee with his own hand.
IMPORTANT! Valid from 04/08/2011 law on digital signature № 63-FZ dated 04/06/2011, which regulates the algorithm for obtaining and using digital signatures by participants electronic document management(EDO). Clause 2 of Art. 20 of Law No. 63-FZ is declared invalid about digital signature№ 1-Federal Law.
Law on Electronic Digital Signature No. 63-FZ describes the algorithm for the operation of certification centers from which EDF participants must receive electronic signature keys.
EDI can be organized:
- within the company between employees;
- between the parties to the agreement (both legal entities and individuals) when exchanging agreements (Article 434 of the Civil Code of the Russian Federation) and any correctly executed primary documents signed with an electronic digital signature (clause 5 of Article 9 of the Law “On Accounting” dated December 6, 2011 No. 402-FZ );
- between the taxpayer and the fiscal authorities for sending declarations and necessary documents to the bodies of the Federal Tax Service (clause 2 of Article 93 of the Tax Code of the Russian Federation), the Pension Fund of the Russian Federation and the Social Insurance Fund.
Applications for the purchase of goods or services and bidding by budgetary organizations, state corporations, some public utilities and other legal entities named in the law “On the Procurement of Goods and Services” are also signed with a digital signature. certain types legal entities" dated July 18, 2011 No. 223-FZ.
Types and legal force of digital signature
Federal Law No. 63 - Federal Law on Electronic Digital Signature:
A simple digital signature is an algorithm consisting of a certain sequence of codes and passwords that confirms the fact that an electronic document has been signed by a certain person.
Enhanced unqualified digital signature - a signature obtained after cryptographic data encryption, which allows you to identify:
- the person who signed the document;
- the fact that changes were made to the document after signing
and is created using special software.
Enhanced qualified digital signature is a signature that has all the properties of an unqualified digital signature, the confirmation key of which is indicated in the certificate.
In what situations the qualified version of the signature should be used is explained in the material.
Simple and enhanced unqualified digital signatures correspond to the autograph of the signer on paper, and enhanced qualified digital signatures correspond to the signature and seal of the company certifying the electronic document (clauses 2, 3, article 6 of Law No. 63- Federal Law on electronic digital signature).
Federal Law No. 63-FZ - latest edition
IN Russian law on electronic digital signature changes were made several times. Latest edition digital signature law was approved by law dated June 23, 2016 No. 220-FZ.
But especially many adjustments and clarifications were made to law about electronic signatures 63-FZ Law of December 30, 2015 No. 445-FZ.
Read edition 63- Federal Law on digital signature, valid in 2016, can be found on our website.
the federal law№ 63-FZ on electronic signature dated 04/06/2011, as amended. Law of December 30, 2015 No. 445-FZ
The purchase of goods by individual legal entities is regulated by Law No. 223-FZ
State corporations, state-owned companies, monopolistic utilities and other legal entities, the list of which is approved in Art. 2 of the Law “On the Procurement of Goods and Services by Individual Legal Entities” dated July 18, 2011 No. 223-FZ, are required to formulate a plan for the procurement of goods and services for the current year by February 1 of each year and post information about planned purchases worth more than 100,000 rubles. in a unified information system, as well as on other Internet sites, for example, on the website of the customer company. But before placing an application, the customer must register with unified system identification and authentication (USIA). To do this, you must obtain a qualified digital signature from a certified certification center. If trades or auctions are held on the customer’s website, then the use of an unqualified digital signature is allowed. Which signature to use depends on the requirements of the selected site, which can be found on the resource itself. If a company places applications on several sites, then for each of them you should purchase its own certificate or use a universal signature, which will contain both a qualified and unqualified signature.
Signing a contract with an electronic signature according to Law No. 44-FZ
To purchase goods and services for municipal and state needs, budgetary organizations are required to enter plans, procurement schedules, applications for auctions, contracts with winning suppliers, etc. into the unified information system (UIS) in accordance with the provisions of the law “On the contract system in the field of procurement” dated 04/05/2013 No. 44-FZ. All documents posted on electronic platform, must be signed with an enhanced qualified digital signature. Electronic signature By 44-FZ, as well as keys and certificates for it are issued by an accredited certification center (CA).
Within 5 days after placing the order, the winner of the tender places a draft contract on the electronic platform, signed with the digital signature of an authorized person. In case of disagreements regarding the contract, the parties can draw up a protocol of disagreements and exchange it in the EDI format. After agreeing on disagreements under the contract, the customer places the approved contract on the electronic platform and signs it with his digital signature. From this day on, the contract is considered concluded.
Results
There is no single law on the use of digital signatures describing all possible documents and transactions in the Russian Federation. The algorithm for obtaining and using digital signature keys describes Federal law on electronic digital signature dated 04/06/2011 No. 63-FZ. The procedure for using digital signatures by various organizations when signing declarations, primary documentation, contracts, etc. is enshrined in the relevant legislative acts.
Article 1. Scope of this Federal Law
This Federal Law regulates relations in the field of using electronic signatures when making civil transactions, providing state and municipal services, performing state and municipal functions, and when performing other legally significant actions.
Article 2. Basic concepts used in this Federal Law
For the purposes of this Federal Law, the following basic concepts are used:
1) electronic signature - information in electronic form that is attached to other information in electronic form (signed information) or is otherwise associated with such information and which is used to identify the person signing the information;
2) electronic signature verification key certificate - an electronic document or a paper document issued by a certification center or an authorized representative of the certification center and confirming that the electronic signature verification key belongs to the owner of the electronic signature verification key certificate;
3) qualified certificate of an electronic signature verification key (hereinafter referred to as the qualified certificate) - a certificate of the electronic signature verification key issued by an accredited certification center or an authorized representative of an accredited certification center or a federal executive body authorized in the field of use of an electronic signature (hereinafter referred to as the authorized federal body) ;
4) owner of the electronic signature verification key certificate - the person to whom the electronic signature verification key certificate was issued in accordance with the procedure established by this Federal Law;
5) electronic signature key - a unique sequence of characters intended for creating an electronic signature;
6) electronic signature verification key - a unique sequence of characters uniquely associated with the electronic signature key and intended to verify the authenticity of an electronic signature (hereinafter referred to as electronic signature verification);
7) certification center - a legal entity or individual entrepreneur performing the functions of creating and issuing certificates of keys for verifying electronic signatures, as well as other functions provided for by this Federal Law;
8) accreditation of a certification center - recognition by an authorized federal body of compliance of a certification center with the requirements of this Federal Law;
9) electronic signature means - encryption (cryptographic) means used to implement at least one of the following functions - creating an electronic signature, verifying an electronic signature, creating an electronic signature key and an electronic signature verification key;
10) means of the certification center - software and (or) hardware used to implement the functions of the certification center;
11) participants in electronic interaction - state bodies, local government bodies, organizations, as well as citizens exchanging information in electronic form;
12) corporate information system - an information system in which the participants in electronic interaction comprise a certain circle of persons;
13) public information system - an information system in which the participants in electronic interaction comprise an indefinite circle of persons and the use of which these persons cannot be denied.
Article 3. Legal regulation of relations in the field of use of electronic signatures
1. Relations in the field of use of electronic signatures are regulated by this Federal Law, other federal laws, normative legal acts adopted in accordance with them, as well as agreements between participants in electronic interaction. Unless otherwise established by federal laws, regulations adopted in accordance with them, or a decision on the creation of a corporate information system, the procedure for using an electronic signature in a corporate information system may be established by the operator of this system or by an agreement between participants in electronic interaction in it.
2. The types of electronic signatures used by executive authorities and local self-government bodies, the procedure for their use, as well as the requirements for ensuring the compatibility of electronic signature means when organizing electronic interaction between these bodies are established by the Government of the Russian Federation.
Article 4. Principles of using an electronic signature
The principles of using an electronic signature are:
1) the right of participants in electronic interaction to use an electronic signature of any type at their own discretion, if the requirement to use a specific type of electronic signature in accordance with the purposes of its use is not provided for by federal laws or regulations adopted in accordance with them or by an agreement between participants of electronic interaction;
2) the ability for participants in electronic interaction to use, at their discretion, any information technology and (or) technical means that allow them to comply with the requirements of this Federal Law in relation to the use of specific types of electronic signatures;
3) the inadmissibility of recognizing an electronic signature and (or) an electronic document signed by it as having no legal force only on the basis that such an electronic signature was not created with one’s own hand, but using electronic signature tools for the automatic creation and (or) automatic verification of electronic signatures in information system.
Article 5. Types of electronic signatures
1. The types of electronic signatures, relations in the field of use of which are regulated by this Federal Law, are a simple electronic signature and an enhanced electronic signature. There is a distinction between an enhanced unqualified electronic signature (hereinafter referred to as an unqualified electronic signature) and an enhanced qualified electronic signature (hereinafter referred to as a qualified electronic signature).
2. A simple electronic signature is an electronic signature that, through the use of codes, passwords or other means, confirms the fact of the formation of an electronic signature by a certain person.
3. An unqualified electronic signature is an electronic signature that:
1) obtained as a result of cryptographic transformation of information using an electronic signature key;
2) allows you to identify the person who signed the electronic document;
3) allows you to detect the fact of making changes to an electronic document after its signing;
4) created using electronic signature tools.
4. A qualified electronic signature is an electronic signature that meets all the characteristics of an unqualified electronic signature and the following additional characteristics:
1) the electronic signature verification key is indicated in the qualified certificate;
2) to create and verify an electronic signature, electronic signature tools are used that have received confirmation of compliance with the requirements established in accordance with this Federal Law.
5. When using an unqualified electronic signature, an electronic signature verification key certificate may not be created if the compliance of the electronic signature with the characteristics of an unqualified electronic signature established by this Federal Law can be ensured without using an electronic signature verification key certificate.
Article 6. Conditions for recognizing electronic documents signed with an electronic signature as equivalent to paper documents signed with a handwritten signature
1. Information in electronic form, signed with a qualified electronic signature, is recognized as an electronic document equivalent to a paper document signed with a handwritten signature, except if federal laws or regulations adopted in accordance with them establish a requirement for the need to draw up a document exclusively on paper carrier.
2. Information in electronic form, signed with a simple electronic signature or a non-qualified electronic signature, is recognized as an electronic document equivalent to a paper document signed with a handwritten signature, in cases established by federal laws, normative legal acts adopted in accordance with them, or an agreement between participants in an electronic interactions. Regulatory legal acts and agreements between participants in electronic interaction that establish cases of recognizing electronic documents signed with a non-qualified electronic signature as equivalent to paper documents signed with a handwritten signature must provide for a procedure for verifying an electronic signature. Regulatory legal acts and agreements between participants in electronic interaction establishing cases of recognizing electronic documents signed with a simple electronic signature as equivalent to paper documents signed with a handwritten signature must comply with the requirements of Article 9 of this Federal Law.
3. If in accordance with federal laws, normative legal acts adopted in accordance with them or business customs, a document must be certified by a seal, an electronic document signed with an enhanced electronic signature and recognized as equivalent to a paper document signed with a handwritten signature is recognized as equivalent to a document on on paper, signed with a handwritten signature and certified by a seal. Federal laws, regulations adopted in accordance with them, or an agreement between participants in electronic interaction may provide for additional requirements for an electronic document in order to recognize it as equivalent to a paper document certified by a seal.
4. Several interconnected electronic documents (package of electronic documents) can be signed with one electronic signature. When signing a package of electronic documents with an electronic signature, each of the electronic documents included in this package is considered signed by an electronic signature of the type with which the package of electronic documents was signed.
Article 7. Recognition of electronic signatures created in accordance with foreign law and international standards
1. Electronic signatures created in accordance with the rules of law of a foreign state and international standards are recognized in the Russian Federation as electronic signatures of the type whose characteristics they correspond to on the basis of this Federal Law.
2. An electronic signature and an electronic document signed by it cannot be considered invalid only on the grounds that the electronic signature verification key certificate was issued in accordance with the norms of foreign law.
Article 8. Powers of federal executive authorities in the field of using electronic signatures
1. The authorized federal body is determined by the Government of the Russian Federation.
2. Authorized federal body:
1) carries out accreditation of certification centers, conducts checks of compliance by accredited certification centers with the requirements that are established by this Federal Law and for compliance with which these certification centers were accredited, and if non-compliance is detected, issues orders to eliminate the identified violations;
2) performs the functions of the main certification center in relation to accredited certification centers.
3. The authorized federal body is obliged to ensure storage of the following information specified in this part and round-the-clock unhindered access to it using information and telecommunication networks:
1) names, addresses of accredited certification centers;
2) a register of qualified certificates issued and canceled by the authorized federal body;
3) a list of certification centers whose accreditation has been revoked;
4) a list of accredited certification centers whose accreditation has been suspended;
5) a list of accredited certification centers whose activities have been discontinued;
6) registers of qualified certificates transferred to the authorized federal body in accordance with Article 15 of this Federal Law.
4. The federal executive body exercising the functions of developing and implementing state policy and legal regulation in the field of information technology establishes:
1) the procedure for transferring registers of qualified certificates and other information to the authorized federal body in the event of termination of the activities of an accredited certification center;
2) the procedure for creating and maintaining registers of qualified certificates, as well as providing information from such registers;
3) rules for accreditation of certification centers, the procedure for verifying compliance by accredited certification centers with the requirements established by this Federal Law and for compliance with which these certification centers were accredited.
5. Federal executive body in the field of security:
1) establishes requirements for the form of a qualified certificate;
2) establishes requirements for electronic signature means and means of the certification center;
3) confirms the compliance of electronic signature means and means of the certification center with the requirements established in accordance with this Federal Law, and publishes a list of such means.
Article 9. Use of a simple electronic signature
1. An electronic document is considered signed with a simple electronic signature if one of the following conditions is met:
1) a simple electronic signature is contained in the electronic document itself;
2) the simple electronic signature key is used in accordance with the rules established by the operator of the information system using which the creation and (or) sending of an electronic document is carried out, and the created and (or) sent electronic document contains information indicating the person on whose behalf an electronic document has been created and/or sent.
2. Regulatory legal acts and (or) agreements between participants in electronic interaction, establishing cases of recognizing electronic documents signed with a simple electronic signature as equivalent to paper documents signed with a handwritten signature, must provide, in particular:
1) rules for determining the person signing an electronic document by his simple electronic signature;
2) the obligation of the person creating and (or) using the simple electronic signature key to maintain its confidentiality.
3. The rules established by Articles 10 - 18 of this Federal Law do not apply to relations related to the use of a simple electronic signature, including the creation and use of a simple electronic signature key.
4. The use of a simple electronic signature for signing electronic documents containing information constituting a state secret, or in an information system containing information constituting a state secret, is not allowed.
Article 10. Obligations of participants in electronic interaction when using enhanced electronic signatures
When using enhanced electronic signatures, participants in electronic interaction are required to:
1) ensure the confidentiality of electronic signature keys, in particular, do not allow the use of electronic signature keys belonging to them without their consent;
2) notify the certification center that issued the electronic signature verification key certificate and other participants in electronic interaction about a violation of the confidentiality of the electronic signature key within no more than one business day from the date of receipt of information about such a violation;
3) do not use the electronic signature key if there are grounds to believe that the confidentiality of this key has been violated;
4) use electronic signature tools that have received confirmation of compliance with the requirements established in accordance with this Federal Law to create and verify qualified electronic signatures, create keys for qualified electronic signatures and keys for their verification.
Article 11. Recognition of a qualified electronic signature
A qualified electronic signature is recognized as valid until a court decision establishes otherwise, subject to the simultaneous observance of the following conditions:
1) a qualified certificate was created and issued by an accredited certification center, the accreditation of which is valid on the day of issue of the specified certificate;
2) the qualified certificate is valid at the time of signing the electronic document (if there is reliable information about the moment of signing the electronic document) or on the day of checking the validity of the specified certificate, if the moment of signing the electronic document is not determined;
3) there is a positive result of checking that the owner of the qualified certificate belongs to the qualified electronic signature with which the electronic document was signed, and the absence of changes made to this document after its signing is confirmed. In this case, the verification is carried out using electronic signature tools that have received confirmation of compliance with the requirements established in accordance with this Federal Law, and using a qualified certificate of the person who signed the electronic document;
4) a qualified electronic signature is used subject to the restrictions contained in the qualified certificate of the person signing the electronic document (if such restrictions are established).
Article 12. Electronic signature means
1. To create and verify an electronic signature, create an electronic signature key and an electronic signature verification key, electronic signature tools must be used that:
1) make it possible to establish the fact of a change in a signed electronic document after its signing;
2) ensure the practical impossibility of calculating the electronic signature key from the electronic signature or from its verification key.
2. When creating an electronic signature, electronic signature tools must:
1) show the person signing the electronic document the content of the information he is signing;
2) create an electronic signature only after confirmation by the person signing the electronic document of the operation to create an electronic signature;
3) clearly show that an electronic signature has been created.
3. When checking an electronic signature, electronic signature tools must:
1) show the contents of an electronic document signed with an electronic signature;
2) show information about making changes to an electronic document signed with an electronic signature;
3) indicate the person using whose electronic signature key electronic documents were signed.
4. Electronic signature tools intended for creating electronic signatures in electronic documents containing information constituting a state secret, or intended for use in an information system containing information constituting a state secret, are subject to confirmation of compliance with the mandatory requirements for the protection of information of the corresponding degree of secrecy in accordance with the legislation of the Russian Federation. Electronic signature tools intended for creating electronic signatures in electronic documents containing restricted information (including personal data) must not violate the confidentiality of such information.
5. The requirements of parts 2 and 3 of this article do not apply to electronic signature tools used for automatic creation and (or) automatic verification of electronic signatures in the information system.
Article 13. Certification center
1. Certification center:
1) creates certificates of electronic signature verification keys and issues such certificates to persons who apply for them (applicants);
2) establishes the validity period of electronic signature verification key certificates;
3) cancel the electronic signature verification key certificates issued by this certification center;
4) issues, at the request of the applicant, electronic signature tools containing the electronic signature key and the electronic signature verification key (including those created by the certification center) or providing the ability to create an electronic signature key and an electronic signature verification key by the applicant;
5) maintains a register of electronic signature verification key certificates issued and canceled by this certification center (hereinafter referred to as the register of certificates), including information contained in the electronic signature verification key certificates issued by this certification center, and information on the dates of termination or cancellation certificates of keys for verifying electronic signatures and the grounds for such termination or cancellation;
6) establishes the procedure for maintaining the register of certificates that are not qualified, and the procedure for accessing it, and also ensures access of persons to the information contained in the register of certificates, including using the information and telecommunications network "Internet";
7) upon requests from applicants, creates keys for electronic signatures and keys for verifying electronic signatures;
8) checks the uniqueness of electronic signature verification keys in the certificate register;
9) upon requests from participants in electronic interaction, checks electronic signatures;
10) carries out other activities related to the use of electronic signatures.
2. The certification center is obliged:
1) inform applicants in writing about the conditions and procedure for using electronic signatures and electronic signature means, about the risks associated with the use of electronic signatures, and about the measures necessary to ensure the security of electronic signatures and their verification;
2) ensure the relevance of the information contained in the register of certificates and its protection from unauthorized access, destruction, modification, blocking, and other unlawful actions;
3) provide free of charge to any person upon his request in accordance with the established procedure for access to the register of certificates, information contained in the register of certificates, including information on the revocation of the electronic signature verification key certificate;
4) ensure the confidentiality of electronic signature keys created by the certification center.
3. In accordance with the legislation of the Russian Federation, the certification center is responsible for damage caused to third parties as a result of:
1) failure to fulfill or improper fulfillment of obligations arising from the contract for the provision of services by the certification center;
2) non-fulfillment or improper fulfillment of duties provided for by this Federal Law.
4. The certification center has the right to grant third parties (hereinafter referred to as authorized persons) the authority to create and issue certificates of electronic signature verification keys on behalf of the certification center, signed with an electronic signature based on the electronic signature verification key certificate issued to the authorized person by this certification center.
5. The certification center specified in part 4 of this article, in relation to authorized persons, is the main certification center and performs the following functions:
1) carries out verification of electronic signatures, the verification keys of which are indicated in the certificates of electronic signature verification keys issued by authorized persons;
2) ensures electronic interaction of trusted persons with each other, as well as trusted persons with the certification center.
6. Information entered into the register of certificates is subject to storage for the entire period of activity of the certification center, unless a shorter period is established by regulatory legal acts. In the event of termination of the activities of a certification center without transferring its functions to other persons, it must notify in writing the owners of electronic signature verification key certificates that were issued by this certification center and the validity period of which has not expired, at least one month before the date of termination of the activities of this certification center. certification center. In this case, after the completion of the activities of the certification center, the information entered in the register of certificates must be destroyed. In the event of termination of the activities of a certification center with the transfer of its functions to other persons, it must notify in writing the owners of electronic signature verification key certificates that were issued by this certification center and the validity period of which has not expired, at least one month before the date of transfer of its functions . In this case, after the completion of the activities of the certification center, the information entered in the register of certificates must be transferred to the person to whom the functions of the certification center that ceased its activities were transferred.
7. The procedure for implementing the functions of a certification center, exercising its rights and fulfilling the duties specified in this article is established by the certification center independently, unless otherwise established by federal laws or regulations adopted in accordance with them or by agreement between participants in electronic interaction.
8. An agreement for the provision of services by a certification center that carries out its activities in relation to an unlimited number of persons using a public information system is a public contract.
Article 14. Electronic signature verification key certificate
1. The certification center creates and issues an electronic signature verification key certificate on the basis of an agreement between the certification center and the applicant.
2. The electronic signature verification key certificate must contain the following information:
1) the start and end dates of its validity;
2) last name, first name and patronymic (if any) - for individuals, name and location - for legal entities or other information that allows you to identify the owner of the electronic signature verification key certificate;
3) electronic signature verification key;
4) the name of the electronic signature tool used and (or) the standards whose requirements the electronic signature key and the electronic signature verification key meet;
5) the name of the certification center that issued the electronic signature verification key certificate;
6) other information provided for in Part 2 of Article 17 of this Federal Law - for a qualified certificate.
3. In the case of issuing a certificate of an electronic signature verification key to a legal entity, an individual acting on behalf of the legal entity on the basis of the constituent documents of the legal entity or a power of attorney is indicated as the owner of the certificate of the electronic signature verification key, along with indicating the name of the legal entity. It is allowed not to indicate as the owner of the electronic signature verification key certificate an individual acting on behalf of a legal entity in the electronic signature verification key certificate used for the automatic creation and (or) automatic verification of electronic signatures in the information system when providing state and municipal services, execution state and municipal functions, as well as in other cases provided for by federal laws and regulations adopted in accordance with them. The owner of such an electronic signature verification key certificate is the legal entity whose information is contained in such a certificate.
4. The certification center has the right to issue certificates of keys for verifying electronic signatures both in the form of electronic documents and in the form of documents on paper. The owner of an electronic signature verification key certificate issued in the form of an electronic document also has the right to receive a copy of the electronic signature verification key certificate on paper, certified by a certification center.
5. The electronic signature verification key certificate is valid from the moment of its issuance, unless a different start date for such a certificate is specified in the electronic signature verification key certificate itself. Information about the electronic signature verification key certificate must be entered by the certification center into the register of certificates no later than the start date of validity of such a certificate indicated therein.
6. The electronic signature verification key certificate expires:
1) due to the expiration of the established period of its validity;
2) based on the application of the owner of the electronic signature verification key certificate, submitted in the form of a document on paper or in the form of an electronic document;
3) in case of termination of the activities of the certification center without the transfer of its functions to other persons;
4) in other cases established by this Federal Law, other federal laws, normative legal acts adopted in accordance with them, or an agreement between the certification center and the owner of the electronic signature verification key certificate.
7. Information about the termination of the electronic signature verification key certificate must be entered by the certification center into the register of certificates within one business day from the date of the occurrence of the circumstances that led to the termination of the electronic signature verification key certificate. The validity of the electronic signature verification key certificate is terminated from the moment an entry about it is made in the certificate register.
8. Within no more than one working day, the certification center cancels the electronic signature verification key certificate by making an entry about its cancellation in the register of certificates by a court decision that has entered into legal force, in particular if the court decision establishes that the electronic signature verification key certificate contains false information.
9. The use of a revoked electronic signature verification key certificate does not entail legal consequences, except for those associated with its revocation. Before entering information about the revocation of an electronic signature verification key certificate into the register of certificates, the certification center is obliged to notify the owner of the electronic signature verification key certificate about the revocation of his electronic signature verification key certificate by sending a document on paper or an electronic document.
Article 15. Accredited certification center
1. A certification center that has received accreditation is an accredited certification center. An accredited certification center is required to store the following information:
1) details of the main document identifying the owner of the qualified certificate - an individual;
2) information about the name, number and date of issue of the document confirming the right of the person acting on behalf of the applicant - a legal entity, to apply for a qualified certificate;
3) information about the names, numbers and dates of issue of documents confirming the authority of the owner of a qualified certificate to act on behalf of third parties, if information about such authorities of the owner of a qualified certificate is included in the qualified certificate.
2. An accredited certification center must store the information specified in Part 1 of this article for the duration of its activities, unless a shorter period is provided for by regulatory legal acts of the Russian Federation. Information must be stored in a form that allows its integrity and reliability to be verified.
3. An accredited certification center is obliged to provide any person with free access, using information and telecommunication networks, to the qualified certificates issued by this certification center and to the current list of canceled qualified certificates at any time during the period of activity of this certification center, unless otherwise established by federal laws or adopted in accordance with their regulatory legal acts.
4. If a decision is made to terminate its activities, the accredited certification center is obliged to:
1) inform the authorized federal body about this no later than one month before the date of termination of its activities;
2) transfer the register of qualified certificates to the authorized federal body in the prescribed manner;
3) transfer for storage to the authorized federal body in the prescribed manner information that is subject to storage in an accredited certification center.
Article 16. Accreditation of a certification center
1. Accreditation of certification centers is carried out by the authorized federal body in relation to certification centers that are Russian or foreign legal entities.
2. Accreditation of a certification center is carried out on a voluntary basis. Accreditation of a certification center is carried out for a period of five years, unless a shorter period is specified in the application of the certification center.
3. Accreditation of a certification center is carried out subject to its fulfillment of the following requirements:
1) the value of the net assets of the certification center is not less than one million rubles;
2) the presence of financial security for liability for losses caused to third parties as a result of their trust in the information specified in the electronic signature verification key certificate issued by such a certification center, or information contained in the register of certificates maintained by such a certification center, in an amount not less than one and a half million rubles;
3) the availability of electronic signature means and means of a certification center that have received confirmation of compliance with the requirements established by the federal executive body in the field of security;
4) the presence on the staff of the certification center of at least two employees who are directly involved in the creation and issuance of certificates of keys for verifying electronic signatures, who have a higher professional education in the field of information technology or information security, or a higher or secondary vocational education with subsequent retraining or advanced training in issues regarding the use of electronic signatures.
4. Accreditation of a certification center is carried out on the basis of its application submitted to the authorized federal body. The application shall be accompanied by documents confirming the compliance of the certification center with the requirements established by part 3 of this article.
5. Within a period not exceeding thirty calendar days from the date of receipt of the certification center’s application, the authorized federal body, on the basis of the submitted documents, makes a decision on the accreditation of the certification center or on the refusal of its accreditation. If a decision is made to accredit a certification center, the authorized federal body, within a period not exceeding ten days from the date of the decision on accreditation, notifies the certification center of the decision made and issues an accreditation certificate in the prescribed form. Simultaneously with the issuance of an accreditation certificate, the authorized federal body issues to the accredited certification center a qualified certificate created using the funds of the head certification center, the functions of which are performed by the authorized federal body. If a decision is made to refuse accreditation of a certification center, the authorized federal body, within a period not exceeding ten calendar days from the date of the decision to refuse accreditation, sends or delivers to the certification center a notice of the decision made indicating the reasons for the refusal in the form of a paper document.
6. The basis for refusal to accredit a certification center is its non-compliance with the requirements established by part 3 of this article, or the presence of unreliable information in the documents submitted by it.
7. An accredited certification center must comply with the requirements for which it is accredited throughout the entire period of its accreditation. If circumstances arise that make it impossible to comply with these requirements, the certification center must immediately notify the authorized federal body in writing. An accredited certification center, when performing its functions and fulfilling its obligations, must comply with the requirements established for certification centers in Articles 13 - 15, 17 and 18 of this Federal Law. The authorized federal body has the right to conduct inspections of compliance by accredited certification centers with the requirements of this Federal Law throughout the entire period of their accreditation. If it is discovered that an accredited certification center does not comply with these requirements, the authorized federal body is obliged to issue this certification center an order to eliminate the violations within a specified period and suspend the accreditation for this period with information about this included in the list specified in paragraph 4 of part 3 of article 8 of this Federal Law . The accredited certification center notifies the authorized federal body in writing about the elimination of identified violations. The authorized federal body makes a decision on the renewal of accreditation, while it has the right to verify the actual elimination of previously identified violations and, if they are not eliminated within the period established by the order, cancels the accreditation of the certification center.
8. State bodies, local government bodies, state and municipal institutions performing the functions of certification centers are not subject to the requirements established by paragraphs 1 and 2 of part 3 of this article.
9. The main certification center, the functions of which are performed by an authorized federal body, is not subject to accreditation in accordance with this Federal Law.
Article 17. Qualified certificate
1. A qualified certificate must be created using the funds of an accredited certification center.
2. The qualified certificate must contain the following information:
1) the unique number of the qualified certificate, the start and end dates of its validity;
2) last name, first name and patronymic (if any) of the owner of the qualified certificate - for an individual or name, location and main state registration number of the owner of the qualified certificate - for a legal entity;
3) the insurance number of the individual personal account of the owner of a qualified certificate - for an individual or the taxpayer identification number of the owner of a qualified certificate - for a legal entity;
4) electronic signature verification key;
5) names of electronic signature means and means of an accredited certification center that are used to create an electronic signature key, an electronic signature verification key, a qualified certificate, as well as details of a document confirming the compliance of these means with the requirements established in accordance with this Federal Law;
6) the name and location of the accredited certification center that issued the qualified certificate, the number of the qualified certificate of the certification center;
7) restrictions on the use of a qualified certificate (if such restrictions are established);
8) other information about the owner of the qualified certificate (at the request of the applicant).
3. If the applicant submits to an accredited certification center documents confirming his right to act on behalf of third parties, the qualified certificate may include information about such powers of the applicant and their validity period.
4. A qualified certificate is issued in a form, the requirements for which are established by the federal executive body in the field of security.
5. In the event of cancellation of a qualified certificate issued by an accredited certification center that issued a qualified certificate to the applicant, or in the event of cancellation or expiration of the accreditation of the certification center, the qualified certificate issued by the accredited certification center to the applicant shall cease to be valid.
6. The owner of a qualified certificate is obliged to:
1) do not use the electronic signature key and immediately contact the accredited certification center that issued the qualified certificate to terminate the validity of this certificate if there is reason to believe that the confidentiality of the electronic signature key has been violated;
2) use a qualified electronic signature in accordance with the restrictions contained in the qualified certificate (if such restrictions are established).
Article 18. Issuance of a qualified certificate
1. When issuing a qualified certificate, an accredited certification center is obliged to:
1) establish the identity of the applicant - an individual who applied to him to receive a qualified certificate;
2) receive from a person acting on behalf of the applicant - a legal entity, confirmation of the authority to apply for a qualified certificate.
2. When applying to an accredited certification center, the applicant indicates the restrictions on the use of the qualified certificate (if such restrictions are established) and submits the following documents confirming the accuracy of the information provided by the applicant for inclusion in the qualified certificate, or their duly certified copies:
1) the main identification document, the insurance certificate of state pension insurance of the applicant - an individual or constituent documents, a document confirming the fact of making an entry about a legal entity in the Unified State Register of Legal Entities, and a certificate of registration with the tax authority of the applicant - a legal entity ;
2) a duly certified translation into Russian of documents on state registration of a legal entity in accordance with the legislation of a foreign state (for foreign legal entities);
3) a power of attorney or other document confirming the applicant’s right to act on behalf of other persons.
3. Upon receipt of a qualified certificate by the applicant, he must be familiarized with the information contained in the qualified certificate by an accredited certification center against receipt.
4. An accredited certification center, simultaneously with the issuance of a qualified certificate, must issue to the owner of a qualified certificate guidelines for ensuring the security of using a qualified electronic signature and qualified electronic signature means.
Article 19. Final provisions
1. Signature key certificates issued in accordance with Federal Law No. 1-FZ of January 10, 2002 “On Electronic Digital Signature” are recognized as qualified certificates in accordance with this Federal Law.
2. An electronic document signed with an electronic digital signature before the date of recognition of the Federal Law of January 10, 2002 N 1-FZ "On Electronic Digital Signature" as invalid is recognized as an electronic document signed with a qualified electronic signature in accordance with this Federal Law.
Article 20. Entry into force of this Federal Law
1. This Federal Law comes into force on the date of its official publication.
2. Federal Law of January 10, 2002 N 1-FZ “On Electronic Digital Signature” (Collection of Legislation of the Russian Federation, 2002, N 2, Art. 127) shall be declared invalid as of July 1, 2012.
President of the Russian Federation D. Medvedev
